how to enable tun/tap inside lxc

2015-10-01/ 5 Comments

To enable the tun/tap interface in a lxc container – eg. for Openvpn – one needs to edit the lxc configuration file.

Its default location for all containers is:

/etc/lxc/default.conf

and you have to add:

lxc.cgroup.devices.allow = c 10:200 rwm

This works in Proxmox 4.2, too.

note: be aware that the config file above applies to all lxc container on the host, if you want a more fine grained control edit /etc/pve/lxc/<ID>/<ID>.conf for Proxmox, or /var/lib/lxc/<container>/config for plain lxc.

To actually use a tun/tap device it must be created inside the container on every boot, so add the following to your /etc/rc.local inside your container:

if ! [ -c /dev/net/tun ]; then
 mkdir -p /dev/net
 mknod -m 666 /dev/net/tun c 10 200
fi

thats it!

5 Comments

Pingback:

Créer une interface TUN pour un container Debian dans Proxmox
WoJ 2016-04-19 at 7:27 pm Reply

This has changed in the latest versions. Now one must use “lxc config” and “lxc profile” to make the changes (lxc.conf does not exist anymore)

Felix Brucker 2016-04-19 at 9:24 pm Reply

thanks for the heads up, the file can still be used though, it might just not be created by default
br

william j mantly jr 2017-01-31 at 4:23 am Reply

How about for un-privileged containers, this does not seem to work for them.

Felix Brucker 2017-01-31 at 9:57 am Reply

I personally have not tested this, but here: https://lists.linuxcontainers.org/pipermail/lxc-users/2015-July/009690.html someone seems to have succeeded, let me know if that worked
br

my small datacenter

how to enable tun/tap inside lxc

5 Comments

Leave a Reply Cancel reply